Background: I have my website (http://www.gymandspajobs.com) code hosted on a Linux server. My website allows new registrations for members. The filled-up forms are verified by JavaScript files in the folder "/javascript" and if the information is found OK, the data is submitted via the JavaScript HTTP request object and the PHP file "somefile.php" kept in the folder "/somefolder" under the root directory does the database inserts.

Problem: When a new user tries to register using Firefox (I tested in WinXP SP2, Firefox v3.5.2), the HTTP response I get (which I tapped in my JavaScript file) is "You don't have permission to access /somefolder/somefile.php on this server."

Surprisingly, the same functionality works perfectly well in IE7 and Chrome.

You might want to try changing user agents and masquerade as IE when you connect with Fx (the User Agent Switcher addon lets you do this quickly and easily). This will tell you if it's code on the server side preventing Fx, or if it's something else.

Do you get any errors in Firefox's error logs related to your Javascript, or any kind of security type errors?

Firefox's log is accessed via Tools -> Error Console

If you've had your browser open for a bit then it's probably full of all sorts of messages. Clear it and then try the action again on your site and see if anything shows up in the log as you go through the process.

Dear Sir, Thank you for the suggestion. The Firefox error console shows no error. I came across the following discussion wherein the problem sounds similar to my problem. Kindly suggest if this will solve my problem. nabble.com/… Thanks.
– Rupak Kharvandikar, Aug 10 '09 at 13:01

The article you've linked seems to be a purely server side issue that happens irrespective of the client attaching? I've just tried registering for your site using Firefox 3.5.2 on Vista SP1 and had no problems and no errors. Are you sure this is a general problem, and not just a weird thing on your PC?
– GAThrawn, Aug 10 '09 at 23:10

Another thought on this: it might be that some JavaScript code isn't behaving as expected in Fx - the code could be parsing cleanly, but executing differently due to differences in Fx and IE semantics. Instead of looking for errors, it might be worth adding trace to your JS (maybe even alert()s) in an attempt to locate the last line before error, then trace that last line...
– atk, Aug 11 '09 at 2:42

It might be an included file (CSS, JPG, or even a PHP include) with bad permissions that's being ignored by IE and other browsers. In other words, when the browser requests index.php, all the files included in index.php (graphics, CSS, external JavaScript files, etc.) are also automatically requested by the browser. If one of those files returns something other than an HTTP 200 (OK) response, other browsers may ignore it, but Firefox might throw the error you're seeing. You need to check paths and permissions for all included files.

We have disabled mod_security for your domain to fix it. We have entered the below lines to the .htaccess file under the httpdocs directory for your domain. We have also verified and were successfully able to submit the Employer registration without any issues.
~~~~~
SecFilterEngine off
~~~~~

What is "SecFilterEngine" and what happens when SecFilterEngine is turned off?
Please guide.

I was about to suggest you deactivate mod_security after looking at the HTTP response headers, but it seems it has been done already.

Mod Security checks transactions between clients and Apache; it is rule based and the rules define what should be done in case of a match. Clearly at least one rule matches when submitting with FF and results in a 403. You should ask your provider for a log of rules matching for your website so that you could correct your code or disable mod_security when accessing this one file (through .htaccess).
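
As an added example (not part of any answer in this thread and not the hosting provider's rule set), the JavaScript below emulates the negated Content-Type pattern that the host quotes further down and runs it over constructed header values. It assumes the rule is evaluated against the request's Content-Type header and that the blocked request carried a charset parameter; the thread confirms neither, and `RELAXED` is a hypothetical tuned pattern.

```javascript
// Added example: emulation of a negated Content-Type rule, not the host's ruleset.
// STRICT is the pattern quoted in the thread; RELAXED is a hypothetical tuning
// that also accepts parameters such as "; charset=UTF-8" after the media type.
const STRICT = /(^application\/x-www-form-urlencoded$|^multipart\/form-data;)/;
const RELAXED = /(^application\/x-www-form-urlencoded\s*(;|$)|^multipart\/form-data;)/;

// The rule is negated ("!"): it fires when the header does NOT match.
// Assumption: a firing rule is answered with 403, as seen in the thread.
function statusFor(pattern, contentType) {
  return pattern.test(contentType) ? 200 : 403;
}

// Constructed header values, not captured from the site in the thread.
const SAMPLES = [
  ["bare form encoding", "application/x-www-form-urlencoded"],
  ["form encoding + charset", "application/x-www-form-urlencoded; charset=UTF-8"],
  ["multipart upload", "multipart/form-data; boundary=----constructed"],
  ["JSON body", "application/json"],
  ["lookalike type", "application/x-www-form-urlencodedX"],
];

// Evaluate every sample under both patterns so the difference is visible.
function compare() {
  return SAMPLES.map(([label, value]) => ({
    label,
    value,
    strict: statusFor(STRICT, value),
    relaxed: statusFor(RELAXED, value),
  }));
}

// Header values that only the strict pattern rejects: the false positives
// a rule change would remove without admitting new media types.
function falsePositives() {
  return compare()
    .filter((r) => r.strict === 403 && r.relaxed === 200)
    .map((r) => r.value);
}

for (const r of compare()) {
  console.log(`${r.label}: strict=${r.strict} relaxed=${r.relaxed}`);
}
```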

Though the problem has got solved, I think making "SecFilterEngine off" may not be the best solution to this problem as it compromises security. Hence I asked the hosting guys if there is a way to keep mod_security ON and yet get my functionality to work. Here is their reply:

[
Q. Is there any way my code can work yet keeping mod_security ON?

Ans. It is possible. But it is not easy. You have to modify the code in the file in such a way that the URI should not have the pattern "!(^application/x-www-form-urlencoded$|^multipart/form-data;)"
because we found this entry in the apache error logs -